[CERT-daily] Daily summary - Tuesday 14-02-2017
Daily end-of-shift report
team at cert.at
Tue Feb 14 18:05:23 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 13-02-2017 18:00 − Tuesday 14-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Shirebrook man arrested in connection to Sports Direct breach ***
---------------------------------------------
A 27-year-old man has been arrested in connection with the hack of Sports ..
---------------------------------------------
www.theregister.co.uk/2017/02/13/sports_direct_arrest/
*** A look into the Russian-speaking ransomware ecosystem ***
---------------------------------------------
In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned.
---------------------------------------------
http://securelist.com/analysis/publications/77544/a-look-into-the-russian-speaking-ransomware-ecosystem/
*** Top phishing targets in 2016? Google, Yahoo, and Apple ***
---------------------------------------------
For every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies. Comparison of most impersonated companies ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/14/top-phishing-targets/
*** Metadata: The secret data trail ***
---------------------------------------------
Every phone call, text message, even activated cell phones, leaves a trail of data across a network. In many cases this data is aggregated with other data and metadata including ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/14/metadata-secret-data-trail/
*** Worried about hacks, senators want info on Trump’s personal phone ***
---------------------------------------------
Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate ..
---------------------------------------------
http://www.cio.com/article/3169577/security/worried-about-hacks-senators-want-info-on-trumps-personal-phone.html
*** 25% of web apps still vulnerable to eight of the OWASP Top Ten ***
---------------------------------------------
69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/14/web-application-vulnerabilities/
*** Security vulnerability in GarageBand for the Mac ***
---------------------------------------------
Apple has fixed a potentially problematic bug in its popular audio application. Attackers could apparently have executed code.
---------------------------------------------
https://heise.de/-3624160
*** University DDoSed by Its Own IoT Devices ***
---------------------------------------------
An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/university-ddosed-by-its-own-iot-devices/
*** DSA-3788 tomcat8 - security update ***
---------------------------------------------
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3788
*** DSA-3787 tomcat7 - security update ***
---------------------------------------------
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3787
*** DSA-3786 vim - security update ***
---------------------------------------------
Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3786
*** Patch now! Attacks on WordPress sites are increasing and becoming more dangerous ***
---------------------------------------------
After defacing vulnerable WordPress websites, attackers are now attempting to execute malicious code, security researchers warn.
---------------------------------------------
https://heise.de/-3624301
*** Staying safe online on Valentine’s Day ***
---------------------------------------------
We give some advice on how to steer clear of scams and other bad things on Valentine's Day. Everything from ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/02/staying-safe-online-on-valentines-day/
*** Chrome: Google pays 20 million US dollars for anti-malware patents ***
---------------------------------------------
Even for Google, 20 million dollars is not a small amount of money. A US court ordered the company to pay this sum over patents for protection against malware in ..
---------------------------------------------
https://www.golem.de/news/chrome-google-zahlt-20-millionen-us-dollar-fuer-anti-malware-patente-1702-126161.html
*** Tracking the Decline of Top Exploit Kits ***
---------------------------------------------
The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/tracking-decline-top-exploit-kits
*** Fake Post.at shipment tracking in circulation ***
---------------------------------------------
Criminals are using a fake Post.at shipment tracking page to plant malware on other people's computers. To do so, they ask recipients to .. information ..
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/gefaelschte-postat-sendungsverfolgung-im-umlauf/
*** Security Bulletins posted for Flash Player, Digital Editions and Adobe Campaign ***
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB17-04), Adobe Digital Editions (APSB17-05) and Adobe Campaign (APSB17-06). Adobe recommends users update their ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1444
*** Nation States Distancing Themselves from APTs ***
---------------------------------------------
Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence.
---------------------------------------------
http://threatpost.com/nation-states-distancing-themselves-from-apts/123711/
*** February 2017 security update release ***
---------------------------------------------
Our top priority is to provide the best possible experience for customers in maintaining and protecting their ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/